Whether they call it the fitbit or the “Ohsh*t!bit,” governments are learning that the exercise internet of things is giving away their geospatial secrets at a rapid clip. Nick Weaver walks us through what most in the US would call a security disaster – and how it could become an intelligence bonanza. As an example of what can be done, Jeffrey Lewis highlights Taiwan’s secret cruise missile command center.

Of course, as soon as authoritarian governments learn to use fitbits to oppress their people, we can expect the European Union and the Wassenaar export control group to slap export controls on them. Meredith Rathbone reports on the effort to persuade Europe and Wassenaar not to throw the security industry out with the intrusion software. Turns out that progress is being made on both fronts.

Nick and I talk through the latest stories on Russian cyberspying. Meduza and Buzzfeed have a persuasive and dispiriting story about how Eugene Kaspersky might have been forced to cooperate with the Russian FSB. Looking at questions being raised about US firms allowing the Russians to inspect their source code, we conclude that Balkanization of cybersecurity products is a near certainty, with the only question being how many markets there will be.

Speaking of Russia, the Dutch, not prominent among hacking intelligence agencies until now, have apparently counted cybercoup on the Russians.

Meredith and I dig into the latest round in the European Court of Justice between Max Schrems and Facebook. We call it a draw, with special props to Facebook for creativity in arguing that Schrems is no longer a consumer because he’s obviously turned suing Facebook into a profession.

Finally, in the interview, we talk to Tim Maurer, co-director of the Cyber Policy Initiative and author of the new book, “Cyber Mercenaries – The State, Hackers, and Power.” Tim tells us the hidden story behind his book’s title and then jumps into a fascinating comparative study of how different governments try to control (or don’t) the hackers they recruit. Because it turns out that they all recruit hackers, just in very different ways. Tim points out an increasing fad for having hackers from one country move to another country to ply their trade (North Koreans to China; Chinese to Africa) and the additional deterrence options this offers the US government.

Steptoe partner Stewart Baker with Tim Maurer

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

In this episode, I interview Elsa Kania, author of a Center for a New American Security report on China’s plan for military uses of artificial intelligence – a plan that seems to have been accelerated by the asymmetric impact of AlphaGo on the other side of the Pacific.

I take a victory lap, as the Director of National Intelligence promises to apply the Gates procedures to unmasking of transition officials. As recommended by me (well, and the House Intelligence Committee). No need to call them the Baker procedures, though, guys.

Bleeping Computer says Germany is planning backdoors into modern devices. Maybe so, I offer, but whether that includes encryption is not at all clear.

Finally, Nick digs into the remarkable work that Citizen Lab and Bill Marczak continue to do on authoritarian government hacking. He says, with evidence, that efforts to control sales to untrustworthy governments are actually working.

Episode 195 features an interview with Susan Hennessey of Lawfare and Andrew McCarthy of the National Review. They walk us through the “unmasking” of US identities in intelligence reports — one of the most divisive partisan issues likely to come up in the re-enactment of section 702 of FISA. I bask momentarily in the glow of being cast as a civil liberties extremist. And Thidwick the Big-Hearted Moose offers insights into 702 reform.

Steptoe partner Stewart Baker with Susan Hennessey

In the news roundup, I try to count votes after the Supreme Court argument in Carpenter v. United States. I count at least four likely votes to require a warrant for cell phone location data and only two likely votes for the United States (and the preservation of the third party doctrine). The other Justices didn’t exactly wear their votes on their sleeve, but the smart money favors a whole new ballgame for criminal discovery. The Court’s biggest problem will be finding a rationale that doesn’t open up decades of litigation. Justice Gorsuch distinguishes himself with a rationale that is creative, libertarian-conservative, and, well, cockamamie.

Phil West provides the tech angle on the biggest Congressional news — tax reform and what it means for Silicon Valley.

Meanwhile, Uber’s problems seem neverending. The latest disaster focuses on the company’s use of quick-to-vanish messaging services like Wickr and Telegram. Such services are popular among “Technorati” who like to fancy themselves as targets of government surveillance. Problem is, when they are under surveillance, or just a discovery obligation, the use of evanescent messaging is often seen as a sign of guilt. This messaging movement could turn out to be extremely costly – first for Uber and then for Silicon Valley in general. I’m not sure that putting employees on the honor system not to use those services for company business is going to be enough.

Our interview this week is with Rob Reid, author of After On and Year Zero, two books that manage to translate serious technology nightmares into science fiction romps. We cover a lot of ground: synbio and giving eighth graders the tools for mass human extinction, the possibility that artificial intelligence will achieve takeoff and begin to act counter to humanity’s interests in a matter of hours. Along the way, we consider the possibility that the first AI will arise from a social media behemoth and will devote its exponential power to maximizing human hookups.

In the news, we explore the massive PR disaster that is the Uber data breach and reach the surprising conclusion that the whole thing may turn out worse in the media than in the courts. Except in the EU, Maury Shenk reminds me. Europe just hates Uber viscerally. So much so that Jim Lewis suggests the company’s EU subsidiary will soon have to be renamed Unter.

I note the release of the ODNI’s report on the intelligence community’s “masking” of US identities in intel reports. We talk about the temptation to weaponize unmasking during transitions, and I ask why the “Gates procedures” that provide special protection for unmasking of Congressional identities shouldn’t also be used to protect Presidential transition teams.

I note that Sen. Wyden (D-OR) has another campaign underway to imply that the Justice Department is imposing decryption assistance requirements under FISA without judicial review. In fact, if there is such an effort, the company on the receiving end already has a judicial remedy. And Maury explains that the head of Germany’s new cybersecurity agency is joining the German government chorus arguing for “hack back,” but only by the German government.

My candidate for Dumbest Public Policy Battle of the Season: The complaint that someone faked a bunch of meaningless, content-free comments on net neutrality. The problem is really the idea that the policy debate should be influenced by counting votes in the World’s Skeeviest Online Poll, an idea that seems to have sparked a kind of bot arms race between supporters and opponents of the FCC’s policy.

And my candidate for Coolest Technology Story of the Season: Feeding graphene to spiders and discovering that it greatly strengthens their webs. Every fifteen-year-old science fair participant should take heart: It turns out that with great quantities of graphene comes great responsibility.

We celebrate the holiday season by interviewing David Ignatius, Columnist and Associate Editor at The Washington Post and the author of multiple spy thrillers, including his most recent, The Quantum Spy. David and I discuss themes from the book, from quantum computing to ethnic and gender tensions at the Agency, while managing to avoid spoilers. It’s a fun and insightful work.

Steptoe partner Stewart Baker with David Ignatius.

In the news, I flag Twitter’s weird journey from the free speech wing of the free speech party to the censorship wing of the Censor’s Party. Twitter is now revoking the verification checks for people whose speech it disapproves of. It’s even de-checking people based on its assessment of their off-line conduct. So maybe that should be the Stasi wing of the Censor’s Party. And, not surprisingly, given Silicon Valley’s steep leftward-tilt, the censorship seems to fall far more harshly on the right than on less PC targets.

Markham Erickson and I treat Twitter’s wobbly stance as a symptom of the breakdown of the Magaziner Consensus, as both left and right for their own reasons come to view Big Tech with suspicion. Markham has shrewd observations about what it all means for the (questionable) future of social media’s section 230 immunity.

We dive into a surprising new analysis of China’s “50c Army.” Turns out that the Chinese government strategy for flooding the internet is 180 degrees off from Russia’s. Instead of a Trollfest, Chinese government-funded social media is saccharine sweet. Cheerleading and changing the subject are what its army does best.

With the Texas church shooting having put encryption back on the front burner, I claim that Apple is becoming the FBI’s crazy ex-girlfriend in Silicon Valley — and offer the tapes to prove it. When Nick Weaver rises to Apple’s defense, I point out that Apple responded to a Chinese government man-in-the-middle attack on iCloud users with spineless obfuscation rather than a brave defense of user privacy. Nick asks for a citation. Here it is: https://support.apple.com/en-us/HT203126 (Careful: don’t click without a chiropractor standing by.)

Nick provides actual news to supplement the NYT’s largely news-free front page story about leak and mole fears at NSA.

I gloat, briefly, over hackback’s new respectability, as the ACDC act acquires new cosponsors, including Trey Gowdy, and hacking back acquires new respectability. But not everywhere.

Michael Sulmeyer finally gets a word in edgewise as the conversation shifts to the NDAA’s passage. He discusses the MGT Act, the growing Armed Services Committee oversight of cyberoperations, and the decision to lift — and perhaps separate — Cyber Command from NSA. I take issue with any decision that requires that a three-star NSA director argue intelligence equities with a four-star combatant commander. We end with Michael Sulmeyer and I walking through the challenges for DoD of deterring cyberattacks. We both end up expressing skepticism about the current path.

In our 190th episode, Stewart Baker has a chance to interview United States Senator Sheldon Whitehouse (D-RI), who has a long history of engagement with technology and security issues. In this episode, we spend a remarkably detailed half-hour with him, covering the cybersecurity waterfront, from the FBI’s problems accessing the Texas church shooter’s phone, and what Silicon Valley should do about that, to Vladimir Putin’s electoral adventurism and how to combat it. Along the way, we touch (skeptically) on the NIST Cybersecurity Framework and more enthusiastically on allowing private citizens to leave their networks to track the hackers who’ve attacked them. Plus: botnet cures, praise for Microsoft, a cybersecurity inspector general (or, maybe, bug bounties), DHS’s role in civilian cybersecurity, and how much bigger Rhode Island really is at low tide!

Today’s bonus episode is an interview with Rep. Graves, co-sponsor of the Active Cyber Defense Certainty (ACDC) Act, which allows those whose networks are under persistent attack to leave their network to conduct investigative action. Rep. Graves offers a measured but deeply felt defense of the proposal and is optimistic about its reception. And, with the hard-hitting investigative approach the Cyberlaw Podcast is known for, I ask the tough question: “Is this bill a tribute to AC/DC – and if so, which song?” (Hint in the title of the post.)

Mark your calendars for November 7th when we will gather for a live taping of a special episode on Election Cybersecurity at our Dupont Circle offices here in DC. To register please visit the Events page of our website at steptoe.com.

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

The Cyberlaw Podcast – The Shane Roundup (Mon, 16 Oct 2017)

Today’s news roundup features Shane Harris of the Wall Street Journal, Brian Egan, and Alan Cohn discussing stories that Shane wrote last week. Out of the box, we work through the hall of mirrors that the Kaspersky hacking story has become.

The Russian hacking story is biting more companies than just Kaspersky. Turns out that Twitter deleted all the Russian trolling accounts and tweets when the Russians asked them to. Because privacy! I put in a plug for the rule that privacy always somehow ends up protecting the powerful – in this case Vladimir Putin and, of course, Twitter itself.

We also cover another Wall Street Journal story detailing North Korea’s use of (another) antivirus product to hack South Korea’s military – and US war plans.

Alan unpacks the Trump Administration’s most detailed statement to date on law enforcement and technology — Deputy AG Rosenstein’s far-ranging speech on the topic.

Alan and I also touch on the emerging fight over 702 – and the media’s evergreen and credulous “discovery” that the far left and far right are surprisingly close on surveillance issues.

Richard Danzig, former Navy Secretary and a serious defense and technology thinker, speaks to us about the technology tsunami and what it means for the Pentagon. Among the risks: lots more accidents, some of them catastrophic, and “emergent” interactions among systems that no one predicts or prepares for. He calls for the Department of Defense to spend more time thinking about ways in which our weapons might kill us without any enemy action. Along the way, we ask the hard questions, including whether Kim Jong Un will use gene therapy to make his people smarter, dumber, or better basketball players.

In our news roundup, the House Judiciary Committee has struck the first blow in the 702 renewal debate. Paul Rosenzweig and I assess its bill and end up concluding that it does less damage to national security than expected, except for the unfortunate decision to sacrifice the possibility of conducting “about” collection.

Meanwhile, a turf fight inside Treasury has gotten vicious, with FinCEN lobbing (and leaking) “intelligence scandal” epithets at its sister Office of Intelligence and Analysis. Brian Egan doesn’t seem surprised about the fighting, while expressing skepticism about the likelihood of a real scandal. In the words of our President, “Sad!”

Irish courts have unsurprisingly punted on the use of standard contracts clauses to export data to the US, Michael Vatis tells us. The court has referred the hard issues to the European Court of Justice.

Speaking of sad, a third (or maybe a fourth) NSA staffer has taken Top Secret material home with disastrous results. Kaspersky’s software seems to have been great at spotting the classified malware on the staffer’s machine. The result, Paul notes, is that the malware ended up in Russian government hands, and Kaspersky’s reputation is toast in the West. Maybe it’s just a coincidence or maybe Kaspersky has given up wooing the West, but its latest report outs an unknown power that has been “piggybacking” on intrusions aimed at or run by Russian and Chinese hackers.

Finally, Brian discusses USTR’s use of the WTO to put a shot across China’s bow on that nation’s cybersecurity law.
